UPDATE: First, we want to apologize to the community for the exploit that occurred. We own this.
Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading. It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss.
A timeline of events and details will be shared with all parties following a thorough postmortem, but in the meantime, here’s what happened:
There was an exploit affecting the native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as “BSC Token Hub.” A total of 2 million BNB was withdrawn. The exploit was through a sophisticated forging of the low level proof into one common library.
Thanks to the assistance of all the security experts, projects, and validators, the vast majority of the funds remain under control.
What happens next? There will be on-chain governance votes to determine the following four actions for the common good of BNB:
- What to do with the hacked funds, freeze or not to freeze?
- Whether to use BNB Auto-Burn to cover the remaining hacked funds, or not?
- A Whitehat program for future bugs found, $1M for each significant bug found.
- A Bounty for catching hackers, up to 10% of the recovered funds.
The BSC validator voting function for general opinions will be switched on in the next few days via an upgrade of BNB Beacon Chain.
Looking at the broader picture, we have seen a series of attacks on targeting vulnerabilities in cross-chain bridges. We will openly share the details of the postmortem and all lessons on how to implement more advanced security measures to shore-up these vulnerabilities.
A new on-chain governance mechanism will be introduced on the BNB Chain to fight and defend future possible attacks.
The number of community validators will continue to expand in the move towards further decentralization. We believe it’s essential for the future of Web3.
Lastly, we owe a debt of gratitude to the community for moving so quickly to minimize what could have been a more serious incident. We’re sorry for any inconvenience that the suspension of BNB Smart Chain has caused, but we are truly grateful to the community for their support.
Again, thank you. We are humbled by the support, hard work, and dedication from the community of which we are proud to be a part.
BNB Chain Team